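<?php
// Spec lookup endpoint.
//
// Reads POST 'specId', loads that spec together with its owner and job row,
// and echoes one JSON object. "status" is "success" or "error"; "message" is
// one of OWNER, PUB, NOACCESS, NOTFOUND or NEWSPEC. On success the object also
// carries tri, level, description, owner, avatar, public, cdate, udate, layout.
//
// Access rule: the owner always sees the spec; everyone else (logged in or
// not) sees it only when spec.public is "Y".
//
// NOTE(review): ext/mysql (mysql_query and friends) was deprecated in PHP 5.5
// and removed in PHP 7.0. The query should move to a prepared statement
// (mysqli or PDO) in the place where the connection is opened; that place is
// not visible from this file.
session_start();
include 'functions.php'; // NOTE(review): presumably opens the MySQL connection used below - confirm

// Default answer. It is also what the client receives when no specId was
// posted and when the query itself fails.
// NOTE(review): a failed query is indistinguishable from "new spec" for the
// client - confirm that this is intended.
$output = json_encode(array("status"=>"error", "message"=>"NEWSPEC"));

// The response is echoed without an explicit JSON Content-Type, so fields
// that may contain user-written text (description, userName, ...) are encoded
// with <, >, &, ' and " as \uXXXX escapes. The decoded values are unchanged,
// but the body cannot be read as markup if a browser renders it as HTML.
// NOTE(review): sending "Content-Type: application/json" as well is advisable
// once the client-side parsing has been checked against it.
$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

// Read the parameter once; a missing value or an array ("specId[]=...") is
// treated like an empty one instead of reaching the escaping function.
$rawSpecId = isset($_POST['specId']) ? $_POST['specId'] : '';

if (is_string($rawSpecId) && $rawSpecId !== '') {

	$specId = mysql_real_escape_string($rawSpecId);

	// The escaped value goes into a single-quoted literal: single quotes are
	// string delimiters in every sql_mode, double quotes are not (ANSI_QUOTES).
	$abfrage = "SELECT
					spec.specId
					,spec.jobId
					,spec.description
					,spec.level
					,spec.public
					,spec.layout
					,spec.cdate
					,spec.udate
					,user.userId
					,user.avatar
					,user.userName
					,job.tri

					FROM ((
					ffxivc_specs as spec
					LEFT JOIN
					ffxivc_users as user
					ON  spec.userId = user.userId)
					LEFT JOIN
					ffxivc_jobs as job
					ON spec.jobId = job.jobId
					)
					WHERE
					spec.specId = '" . $specId . "'
					";

	$res = mysql_query($abfrage);

	if ($res) {
		if (mysql_num_rows($res) == 1) {
			$row = mysql_fetch_assoc($res);

			// NOTE(review): the login check requires $_SESSION['password'];
			// if that is the plaintext password it should not be kept in the
			// session - confirm in the login code.
			$loggedIn = isset($_SESSION['email'])
				&& isset($_SESSION['password'])
				&& isset($_SESSION['userId']);

			// Compare as strings: a loose == would treat numeric-looking ids
			// such as "10" and "1e1" as equal. A spec whose owner row is
			// missing (NULL from the LEFT JOIN) has no owner at all.
			$isOwner = $loggedIn
				&& $row['userId'] !== null
				&& (string) $_SESSION['userId'] === (string) $row['userId'];

			if ($isOwner || $row['public'] === "Y") {
				// Each value is passed through as read from the row. The
				// earlier ' & _' suffix on these entries was a bitwise AND
				// with the bare word '_', which corrupted every value.
				$output = json_encode(array(
					"status"      => "success",
					"message"     => $isOwner ? "OWNER" : "PUB",
					"tri"         => $row['tri'],
					"level"       => $row['level'],
					"description" => $row['description'],
					"owner"       => $row['userName'],
					"avatar"      => $row['avatar'],
					"public"      => $row['public'],
					"cdate"       => $row['cdate'],
					"udate"       => $row['udate'],
					"layout"      => $row['layout'],
				), $jsonFlags);
			} else {
				// Private spec requested by someone other than its owner,
				// whether logged in or anonymous.
				$output = json_encode(array("status"=>"error", "message"=>"NOACCESS"));
			}
		} else {
			$output = json_encode(array("status"=>"error", "message"=>"NOTFOUND"));
		}
	}
}

echo $output;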